Criminals could hijack wireless mice from afar

Following the news that criminals could hijack wireless mice from afar, Tod Beardsley, Security Research Manager at Rapid7, had this to say:

“The research conducted and released by Bastille focuses on one central design flaw in the way that commodity PC peripherals are designed: the wireless mouse implementation does not encrypt communication between the peripheral and the PC. The ramifications of this oversight are explored and exploited by the researchers, and they report deeply troubling results. The researchers report an effective range of their attack of about 100 meters, giving attackers a radius of more than a city block in which to effectively compromise end users.

It’s concerning that the mouse interface can be trivially hijacked by attackers and mischief makers, but the findings here also indicate that some brands enable back-dooring the mouse system to send keystrokes, which is even more troubling. Even in the case where the keyboard controls are sufficiently protected, it is usually fairly easy to pop up an on-screen keyboard. At that point, attackers can type whatever they like on compromised computers.

The best advice I can give today is to ensure that your wireless keyboard and mouse communicate via Bluetooth, rather than the described (and more common) 2.4GHz radio hardware. Bluetooth, the older infrared standard, and plain old wired mice are not affected. Notably, Apple’s standard peripherals use Bluetooth, which today features strong encryption and authentication protocols, so the scope of the vulnerability is limited to common PC laptops and desktops running Windows or Linux.”